<?php
/*
* StiPHPcms, A web Content management System made with PHP/MySQL
* JordSti : jord52@gmail.com
* Version : 0.0.2
*
* Copyright (C) 2009  jord52@gmail.com
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
*/

include "core/main.php";
include "core/tools/string.php";

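/*
 * Account registration handler.
 *
 * Validates the submitted form (password confirmation, password and username
 * length, CAPTCHA code held in the session), rejects an already-taken
 * username, then inserts the user row and an empty profile row and renders
 * the confirmation page.
 *
 * NOTE(review): every check below relies on CMSPage::error() ending the
 * request. That is not visible from this file; confirm it, because if
 * error() returns, a failed check falls through to the INSERT statements.
 */
$page = new CMSPage($cms_config);

$page->init();

if ($page->isUserLog())
{
	$page->error($page->lang['user_already_log'], "index.php");
}

// Read each expected field once. A missing field or a non-string value
// (e.g. "password[]=x" arrives as an array) is treated as an empty string so
// that it fails the length/CAPTCHA checks instead of raising notices or
// reaching strlen()/md5()/strtoupper() with the wrong type.
$fields = array('username', 'email', 'password', 'password2', 'code');
$input = array();
foreach ($fields as $field)
{
	$input[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
}

// Strict comparison: with "!=" two different numeric-looking strings such as
// "1e3" and "1000" compare equal, so a mistyped confirmation could pass.
if ($input['password'] !== $input['password2'])
{
	$page->error($page->lang['password_mismatch']);
}

if (strlen($input['password']) < 8)
{
	$page->error($page->lang['password_too_small']);
}

if ((strlen($input['username']) < 6) || (strlen($input['username']) > 32))
{
	$page->error($page->lang['username_length']);
}

// Email validation is still disabled. The original pattern below has no
// delimiters, so preg_match() rejects it rather than matching anything.
/*if(!preg_match('.+@.+',$_POST['email']))
{
	$page->error($page->lang['email_invalid']);
}*/

if (!isset($_SESSION['str_code']))
{
	$page->error($page->lang['code_invalid']);
}

// The CAPTCHA code is single-use: drop it from the session as soon as it is
// read so one solved challenge cannot be replayed for further submissions.
$str_code = (string) $_SESSION['str_code'];
unset($_SESSION['str_code']);

// NOTE(review): unsalted MD5 is not a password hash. Moving to
// password_hash()/password_verify() needs a matching change in the login
// code, which is not visible here, so the stored format is left unchanged.
$password = md5($input['password']);

$code = strtoupper($input['code']);

// Only the values that are interpolated into SQL are escaped.
$user = array_sql_escape(array(
	'username' => $input['username'],
	'email'    => $input['email'],
));
$username = $user['username'];
$email = $user['email'];
$stamp = time();

// NOTE(review): this token is derived from the username and the current
// timestamp, both of which an outsider can guess. Once email activation is
// implemented it should come from a cryptographically secure random source.
$activation_code = md5($username.$stamp);

// Reject an empty code outright, and compare as strings with "!==" so that
// numeric-looking codes ("0E12" vs "0E99") are not treated as equal.
if ($code === '' || $code !== $str_code)
{
	$page->error($page->lang['code_invalid']);
}

// NOTE(review): this check and the INSERT below are two separate statements,
// so concurrent requests can both pass it; a unique index on the username
// column would close that gap - confirm the schema.
$dt = $page->sql_query("SELECT * FROM %prefix%users WHERE username='$username'");

if (mysql_num_rows($dt) != 0)
{
	$page->error($page->lang['username_exist']);
}

//Email activation!!
// TO DO

$dt = $page->sql_query("INSERT INTO %prefix%users VALUES('','$username','$password','$email',$stamp,1,'$activation_code')");

// Look the new row up again to obtain its id for the profile record.
$dt = $page->sql_query("SELECT id FROM %prefix%users WHERE username='$username'");

$data = mysql_fetch_array($dt);
// NOTE(review): no handling here for the lookup returning no row (e.g. the
// INSERT above failed); $user_id is interpolated unquoted below.
$user_id = $data['id'];

$page->sql_query("INSERT INTO %prefix%profiles SET user_id=$user_id,birthdate='-2145898800'");

$page->renderHeader($page->lang['newaccount']);

$page->renderMenu();


$page->template->addFrame("", $page->lang['account_created']);


$page->close();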

?>